Hello list,
        I've successfully managed to connect to Win 2000 Active Directory Server.
The only information available on the JBoss site is wrong and IMHO should be
updated. The main error was the ldap://myhost.com which turns into a comment
without "".

        My configuration now authenticates to the server but there are two things
that don't work:
        -The displayname attribute is used to perform authentication independently
of another one specified in uidAttributeID, which means that instead of
login (cferrao) I have to write my complete name (Carlos Ferrao).
        - The roles are not verified. As I said in my previous mail, two groups
exist in win2000AD (Tuser and Tadmin) and they are in the same CN as Users.

        I think the auth.conf parameters are not being used. Once again I've tried
many attributes ("Users","Groups","userid") but the authorisation is never
verified, returning the same output. Does anyone know which attributes should go
into auth.conf in order to get this info from win 2000 AD?

Here's the output of JBoss:

[siigpstestBean] Authentication exception, principal=Carlos Ferrao
[Default] LdapLoginModule.login
[Default] Logging into LDAP server,
env={java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory,
rolesCtxDN=cn=Users,o=critical.pt, java.naming.provider.url=ldap://hall:389,
java.naming.security.principal=Carlos Ferrao,
java.naming.security.authentication=simple,
java.naming.security.credentials=xxxxxxxx}
[Default] Logged into LDAP server,
javax.naming.ldap.InitialLdapContext@20f237
[siigpstestBean] Insufficient method permissions, principal=Carlos Ferrao,
method=create, requiredRoles=[Tuser, Tadmin]

Here's the auth.conf (it works):

libsec {
     org.jboss.security.plugins.samples.LdapLoginModule required
         java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
         //principalDNPrefix=""
         uidAttributeID="Users"
         roleAttributeID="Users"
         //principalDNSuffix="DC=critical,DC=pt"
         rolesCtxDN="CN=Users,DC=critical,DC=pt"
         rolesCtxDN="cn=Users,o=critical.pt"
         java.naming.provider.url="ldap://hall:389";
         java.naming.security.authentication="simple"
         ;
};

Here's my info and the Tadmin group in Win 2000 Active Directory:

Expanding base 'CN=cferrao,CN=Users,DC=critical,DC=pt'...
Result <0>: (null)
Matched DNs:
Getting 1 entries:
>> Dn: CN=cferrao,CN=Users,DC=critical,DC=pt
            2> memberOf: CN=Tadmin,CN=Users,DC=critical,DC=pt; CN=Tuser,CN=Users,DC=critical,DC=pt;
            1> accountExpires: 0;
            1> badPasswordTime: 126454878327854035;
            1> badPwdCount: 0;
            1> codePage: 0;
            1> cn: cferrao;
            1> countryCode: 0;
            1> displayName: Carlos Ferrao;
            1> instanceType: 4;
            1> lastLogon: 126454880261197150;
            1> logonCount: 285;
            1> logonHours: <ldp: Binary blob>;
            1> distinguishedName: CN=cferrao,CN=Users,DC=critical,DC=pt;
            1> objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=critical,DC=pt;
            4> objectClass: top; person; organizationalPerson; user;
            1> objectGUID: 132af00f-0b0f-49e8-b2a9-a502056ce938;
            1> objectSid: S-15-2431463-72FF6BA7-5EE08E3-486;
            1> primaryGroupID: 513;
            1> pwdLastSet: 126168820329684352;
            1> name: cferrao;
            1> sAMAccountName: cferrao;
            1> sAMAccountType: 805306368;
            1> userAccountControl: 512;
            1> uSNChanged: 3827;
            1> uSNCreated: 3827;
            1> whenChanged: 5/3/2001 2:52:18 GMT Standard Time GMT Daylight Time;
            1> whenCreated: 3/14/2001 16:1:28 GMT Standard Time GMT Daylight Time;

Expanding base 'CN=Tadmin,CN=Users,DC=critical,DC=pt'...
Result <0>: (null)
Matched DNs:
Getting 1 entries:
>> Dn: CN=Tadmin,CN=Users,DC=critical,DC=pt
            1> member: CN=cferrao,CN=Users,DC=critical,DC=pt;
            1> cn: Tadmin;
            1> groupType: -2147483646;
            1> instanceType: 4;
            1> distinguishedName: CN=Tadmin,CN=Users,DC=critical,DC=pt;
            1> objectCategory: CN=Group,CN=Schema,CN=Configuration,DC=critical,DC=pt;
            2> objectClass: top; group;
            1> objectGUID: fb4d9c02-8eb8-497b-9e29-50ae33bf1eef;
            1> objectSid: S-15-2431463-72FF6BA7-5EE08E3-770;
            1> name: Tadmin;
            1> sAMAccountName: Tadmin;
            1> sAMAccountType: 268435456;
            1> uSNChanged: 393036;
            1> uSNCreated: 393033;
            1> whenChanged: 9/19/2001 18:24:23 GMT Standard Time GMT Daylight Time;
            1> whenCreated: 9/19/2001 18:23:14 GMT Standard Time GMT Daylight Time;


        Thanks in advance,
        Carlos Ferrao
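
An added example, not part of the original message and not JBoss code: a standalone check using the JDK's javax.naming.ldap.LdapName that derives role names from the memberOf DNs in the ldp dump above and tests them against each of the two rolesCtxDN values in the posted auth.conf. The class name AdRoleCheck, the helper rolesUnder, and the rule that a role name is the group's CN are assumptions made for illustration.

```java
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import java.util.Set;
import java.util.TreeSet;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

public class AdRoleCheck {
    // Assumption: role name = value of the leftmost CN RDN of a group DN located under baseDn.
    static Set<String> rolesUnder(String baseDn, List<String> groupDns) throws InvalidNameException {
        LdapName base = new LdapName(baseDn);
        Set<String> roles = new TreeSet<>();
        for (String dn : groupDns) {
            LdapName group = new LdapName(dn);
            // LdapName indexes RDNs right to left, so startsWith() tests "is located under base".
            if (group.size() <= base.size() || !group.startsWith(base)) {
                continue;
            }
            Rdn leaf = group.getRdn(group.size() - 1);
            if (leaf.getType().equalsIgnoreCase("CN")) {
                roles.add(leaf.getValue().toString());
            }
        }
        return roles;
    }

    public static void main(String[] args) throws InvalidNameException {
        // memberOf values copied from the ldp dump of CN=cferrao in the message above
        List<String> memberOf = Arrays.asList(
            "CN=Tadmin,CN=Users,DC=critical,DC=pt",
            "CN=Tuser,CN=Users,DC=critical,DC=pt");
        // requiredRoles copied from the "Insufficient method permissions" log line
        Set<String> required = new TreeSet<>(Arrays.asList("Tuser", "Tadmin"));
        // Both rolesCtxDN values that appear in the posted auth.conf
        String[] contexts = {"CN=Users,DC=critical,DC=pt", "cn=Users,o=critical.pt"};
        for (String ctx : contexts) {
            Set<String> roles = rolesUnder(ctx, memberOf);
            boolean anyRequired = !Collections.disjoint(roles, required);
            System.out.println("rolesCtxDN=" + ctx + " -> roles=" + roles
                + " holdsRequiredRole=" + anyRequired);
        }
    }
}
```

Compile and run with `javac AdRoleCheck.java && java AdRoleCheck`; it needs only the JDK and no directory connection.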

